133 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-6679
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer...
Linux Distros Unpatched Vulnerability : CVE-2026-6291
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable...
Exploit for Improper Certificate Validation in Wolfssl
CVE-2026-5194 - Security Vulnerability Quick Usage bas...
UBUNTU-CVE-2026-5501
wolfSSLX509verifycert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. An attacker who obtains any leaf...
wolfSSL(CyaSSL) 安全漏洞
WolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, designed for developers working with embedded systems. WolfSSL CyaSSL contains a security vulnerability. This vulnerability stems from the ChaCha20-Poly1305 AEAD decryption path in...
Linux Distros Unpatched Vulnerability : CVE-2026-5504
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified...
Linux Distros Unpatched Vulnerability : CVE-2026-5460
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of...
CVE-2026-5263 URI nameConstraints not enforced in ConfirmNameConstraints()
URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL woul...
CVE-2026-5263
URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL woul...
ANT-2026-KNXJMVYC · wolfSSL · signature-bypass
signature-bypass high CVE-2026-5466 Severity Claude high · Security research firm high · Maintainer - Discovered by Claude Mythos Preview SECURITY RESEARCH FIRM ANALYSIS Triage and disclosure were performed by Calif. Verdict: true positive Severity: high TIMELINE Dates from discovery through publ...
Linux Distros Unpatched Vulnerability : CVE-2026-1005
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer underflow in wolfSSL packet sniffer = 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter...
Linux Distros Unpatched Vulnerability : CVE-2026-3230
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of...
Linux Distros Unpatched Vulnerability : CVE-2026-3547
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN...
Linux Distros Unpatched Vulnerability : CVE-2026-3849
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack Buffer Overflow in wcHpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH Encrypted Client Hello support, where a...
Linux Distros Unpatched Vulnerability : CVE-2026-4395
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in the KCAPI ECC code path of wceccimportx963ex in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past...
EUVD-2026-13166
Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled HAVEALPN / --enable-alpn. A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash...
CVE-2026-4159 wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds read
1-byte OOB heap read in wcPKCS7DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wcPKCS7DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...
CVE-2026-3547
Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled HAVEALPN / --enable-alpn. A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash...
CVE-2026-3579
wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions sp256mul9, sp256sqr9, etc., leading to a timing...
CVE-2026-2645
CVE-2026-2645 concerns wolfSSL’s TLS 1.2 server state machine: in 5.8.2 and earlier a logic flaw could allow accepting a CertificateVerify before ClientKeyExchange. The issue affects wolfSSL versions before 5.8.4; 5.8.4 detects the problem later in the handshake, while 5.9.0 hardened to catch it ...